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K! Responsive to communication(s) filed on Dec 1, 1999 • 

□ This action is FINAL. 

□ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed 
in accordance with the practice under Ex parte Quayle, 1935 CD. 11; 453 O.G. 213. 

A shortened statutory period for response to this action is set to expire 3 month(s), or thirty days, whichever 
is longer, from the mailing date of this communication. Failure to respond within the period for response will cause the 
application to become abandoned. (35 U.S.C. § 133). Extensions of time may be obtained under the provisions of 
37 CFR 1.136(a). 



Disposition of Claims 

IS Claim(s) 3, 5-43, and 45-95 



is/are pending in the application. 



Of the above, claim(s) 
□ Claim(s) 



&i Claim(s) 3, 5-26, 31-43, 49-63, and 67-93 



Kl Claim(s) 27-30, 45-48, 64-66, 94, and 95 
□ Claims 



is/are withdrawn from consideration. 

is/are allowed. 

is/are rejected. 

is/are objected to. 



are subject to restriction or election requirement. 



Application Papers 

(XI See the attached Notice of Draftsperson's Patent Drawing Review, PTO-948. 

□ The drawing(s) filed on is/are objected to by the Examiner. 

□ The proposed drawing correction, filed on is Cbpproved disapproved. 

□ The specification is objected to by the Examiner. 

□ The oath or declaration is objected to by the Examiner. 

Priority under 35 U.S.C. § 119 

□ Acknowledgement is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d). 

□ All □ Some* DNone of the CERTIFIED copies of the priority documents have been 

□ received. 

□ received in Application No. (Series Code/Serial Number) . 

□ received in this national stage application from the International Bureau (PCT Rule 17.2(a)). 
'Certified copies not received: 



□ Acknowledgement is made of a claim for domestic priority under 35 U.S.C. § 119(e). 

Attachment(s) 

Kl Notice of References Cited, PTO-892 

IS Information Disclosure Statement(s), PTO-1449, Paper No(s). 1, 4, 7 

□ Interview Summary, PTO-41 3 

53 Notice of Draftsperson's Patent Drawing Review, PTO-948 

□ Notice of Informal Patent Application, PTO-152 
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DETAILED ACTION 
Election/Restriction 

1 . Applicant's election without traverse of the restriction requirement in Paper No. 8 is 
acknowledged. (Note the examiner assumes that applicant has elected without traverse because 
there are not arguments concerning the restriction requirement accompanying the election.) 

2. Claims 27-30, 45-49, 64-66, 94 and 95 are withdrawn from further consideration by the 
examiner, 37 CFR 1 .142(b) as being drawn to a non-elected inventions. Election was made 
without traverse in Paper No. 9. 

Double Patenting 

3. The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or 
improper timewise extension of the "right to exclude" granted by a patent and to prevent possible 
harassment by multiple assignees. See In re Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. 
Cir. 1993); In re LongU 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 
F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 
1970);and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to 
overcome an actual or provisional rejection based on a nonstatutory double patenting ground 
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provided the conflicting application or patent is shown to be commonly owned with this 
application. See 37 CFR 1.130(b). 

Effective January 1 , 1994, a registered attorney or agent of record may sign a terminal 
disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). 
4. Claims 3, 5-26, 31-43, 49-63 and 79-93 are rejected under the judicially created doctrine 
of obviousness-type double patenting as being unpatentable over claims 1-19, 28-39 of U.S. 
Patent No. 5,708,780 (hereafter referred to as '780). Although the conflicting claims are not 
identical, they are not patentably distinct from each other because of the following reasons. 

A chart illustrating the one-to-one correspondence between the claims of present 
application and patent c 780 is found on the following page. 

Statements concerning the obviousness of the variations between the claims of the present 
application and '780 follow. The statements correspond to the order of appearance of the 
variations in the claims of the present application. 

As to claims 23 and 36, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made that incorporating access rights of the client that are fully 
contained in the session identifier would have ensured that the client would not have to further 
authenticate to access other documents in the same domain. 

As to claim 24, it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to have incorporated the document is customized for a particular user 
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based on the user identification would have improved system effectiveness by incorporating user 
preferences into the display of the documents. 

As to claim 25, it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to have incorporated returning the requested document if the 
authorization identifier indicates the user is authorized to access the document because 
authorization identifier are well known features of session identifiers. 

As to claim 26, it would have been obvious to one of ordinary skill in the art at the time 
invention was made that incorporating returning the request document to the client and charging 
the identified user because doing so would have ensured that the content providers receive 
royalties on all their work provided to the user. 

As to claims 49, 56, 80 and 87, it would have been obvious to one of ordinary skill in the 
art at the time the invention was made that a session identifier generated in an authorization 
routine would have been cryptographically generated because cryptography is a well method of 
generating unique identifiers used in authorization routines. 

As to claims 53 and 84, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made that a uniform resource locator is a specific absolute link. 

As to claims 55 and 86, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made that filtering the requested document would have improved 
system effectiveness by incorporating user preferences into the display of the documents 
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As to claims 59 and 90, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made that an expiration time would have been a specific date. 

As to claims 57 and 88, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made that a protected domain would have been an accessible domain 
after authorization of a user. 

As to claims 6 1 and 91 , It would have been obvious to one of ordinary skill in the art at 
the time the invention was made that the address of a client would have been a specific user 
identifier. 

As to dependent claims 62 and 93, it would have been obvious to one of ordinary skill in 
the art at the time the invention was made that a session identifier generated in an authorization 
routine would have comprised a digital signature because digital signatures well known unique 
and forge resistance hashes used by authorization routines. 

Those claims which have not specifically been mentioned are either dependent on a claim 
where the variation has been explained or are without variation. 

Claim Rejections - 35 USC § 102 
5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless 

(a) the invention was known or used by others in this country, or patented or described in a printed publication in 
this or a foreign country, before the invention thereof by the applicant for a patent. 
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6. Claims 67-69 and 71-75 are rejected under 35 U.S.C. 102(a) as being anticipated by Jose 
Kahan, A capability-based authorization model for the World-Wide Web (hereafter referred to as 
Kahan). 

7. As to claim 67, Kahan taught a method of processing a service request from a client to a 
server system through a network, said method comprising the steps of: 

forwarding a service request from the client to the server system, wherein communications 
between the client and server system are according to hypertext transfer protocol (page 2, para A, 
B, C), and wherein the service request includes a session identifier designated by the server 
system (including document capability in client request, DDcap, page 5, para A); 

validating, at the server system, the session identifier (if the capability is valid, page 5, para 

B); and 

returning a controlled document if the session identifier is valid (root document returned 
to client, para B). 

8. As to dependent claim 68, Kahan taught wherein the session identifier is cryptographically 
generated (grantor's signature is inherently cryptographically generated, page 6, para B). 

9. As to dependent claim 69, Kahan taught wherein the session identifier is directed to an 
accessible domain (authorization domain, page 5, para C). 

10. As to dependent claim 70, Kahan taught wherein the session identifier comprises an 
expiration time (validity period, page 6, para C). 
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11. As to dependent claim 72, Kahan taught wherein the session identifier comprises a key 
identifier (authorizator attribute could be a public key, page 6, para F). 

12. As to dependent claim 73, Kahan taught wherein the session identifier comprises an 
address of the client (authorizator indicates the client identity ... could be Internet address, page 6, 
para F). 

13. As to dependent claim 74, Kahan taught wherein the session identifier comprises an 
unforgeable digital signature (protected against unauthorized modification, page 6, para B). 

14. As to dependent claim 75, Kahan taught wherein the session identifier facilitates 
authenticated accesses across multiple content servers (the capabilities allow the user to retrieve 
contents and other documents, para 5, para B and content is retrieved from the same server as the 
root document or other servers, page 2, para B). 

Claim Rejections - 35 USC §103 

15. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

16. Claims 71 and 77 are rejected under 35 U.S.C. 103(a) as being unpatentable over Kahan. 
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17. As to dependent claim 71, Kahan does not specifically teach wherein the session identifier 
comprises a date. However, Kahan taught the session identifier comprises an expiration time 
(validity period, page 6, para C). It would have been obvious to one of ordinary skill in the art at 
the time the invention was made that substituting a date for an expiration time would have been an 
equivalent substitution because dates are specified blocks of time. The motivation would have 
been because both can be used to designate the when a session identifier expires. 

18. As to dependent claim 77, Kahan taught wherein the session identifier is appended to at 
least one request in a document returned by the server system (capabilities are included in the 
Reqdocument, page 5, para C). Kahan does not specifically teach the request is at least one path 
name. However, the document which are being requested are hypertext documents which by 
convention are requested by a path name, i.e. a uniform resource locator. Therefore, it would 
have been obvious to one of ordinary skill in the art at the time the invention was made that 
substituting a path name for Kahan' s request would have been an equivalent substitution because 
Kahan' s environment is a hypertext environment. The motivation would have been because a path 
name is the convention way to make a request using the hypertext transfer protocol. 

19. Claims 31-34, 63, 76 and 78 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Kahan in view of Dedrick, U.S. Patent No. 5,710,884 (hereafter referred to as Dedrick). 

20. As to claim 3 1 , Kahan taught a method of processing a service request for a document 
received from a client through a network, said method comprising the steps of: 
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appending an authorization identifier to the request (including document capability in 
client request, DDcap, page 5, para A); and 

returning the requested document if the authorization identifier indicates that the user is 
authorized to access the document (returning the root document, page 5, para B). 

Kahan does not specifically teach the document being purchased by the user. However, 
Dedrick taught a document being purchased by a user (col. 10, lines 31-51). It would have been 
obvious to one of ordinary skill in the art at the time the invention was made that incorporating 
Dedrick' s document being purchased by the user in Kahan' s system for controlling access to 
document would have improved the marketability of Kahan's system by providing a business 
application. The motivation would have been to ensure that content originators are compensated 
for their work with each access. 

21 . As to dependent claim 32, Kahan taught wherein the authorization identifier is encoded 
within a session identifier which is appended to the request (capability attributes includes a S A 
identifier, page 6, para A). 

22. As to claim 33, Kahan taught a method of processing a service request for a document 
from a client to a server system through a network, said method comprising the steps of: 

appending a session identifier designated by the server system to the request (including 
document capability in client request, DDcap, page 5, para A); 

returning the requested document to the client (returning the root document, page 5, para 
B). Kahan does not specifically teach charging the user identified in the session identifier for 
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access to the document. However, Dedrick taught charging the user identified in the session 
identifier for access to the document (col. 10, lines 31-51). For motivation for combination see 
claim 31, above. 

23. As to dependent claim 34, Kahan taught wherein a user identifier is encoded within a 
session identifier which is appended to the request (Table 4, authorizer attributes which are part 
of the capabilities). 

24. As to dependent claim 63, Kahan taught wherein the authorization identifier is provided by 
an authentication server (capability is provided by AUS, page 5, para A). 

25. As to dependent claim 76, Kahan does not specifically teach wherein the document is 
customized for a particular user based on a user identification of the session identifier. However, 
Dedrick taught document is customized for a particular user based on a user identification of the 
session identifier (col. 18, lines 32-44). It would have been obvious to one of ordinary skill in the 
art at the time the invention was made that incorporating Dedrick's customizing documents for 
the user in Kahan' s system for controlling access to documents would have to improve system 
effectiveness by taking the user preferences into account before displaying the document. The 
motivation would have been to have the user be presented with the most effective interface to the 
document. 

26. As to dependent claim 78, Kahan does not specifically teach wherein the step of appending 
the session identifier comprises filtering the requested document. However, Dedrick taught 
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filtering the requested document (filtering the document to customized to the user's needs, col. 
18, lines 32-44). For motivation for combination see claim 76, above. 

Conclusion 

27. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. T. Berners-Lee, Uniform Resource Locators (URLs): taught a common internet 
syntax where the user password is appended to a specified URL; 

b. Jose Kahan, A Distributed Authorization Model for WWW: taught a distributed 
authorization model where document and content servers make local authorization decisions 
using capabilities presented by the clients; and 

c. Sessioneer: Flexible Session Level authentication With Off the Shelf Servers and 
Clients: taught a session level Authentication system which does not require server software 
modification and authenticates the users for subsequent document requests. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Patrice Winder whose telephone number is (703) 305-3938. The examiner 
can normally be reached on Monday-Friday from 7:30 AM to 4:00 PM. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Ahmad Matar, can be reached on (703) 305-473 1 . The fax phone number for this Group is (703) 
308-9052. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the Group receptionist whose telephone number is (703) 305-3900. 
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SUPERVISORY PATENT EXAMINER 
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Monday, February 14, 2000 



